
Research Article
A Security Enhanced Key Management Service for ARM Pointer Authentication
@INPROCEEDINGS{10.1007/978-3-030-80851-8_4,
  author={Liqiang Zhang and Qingsong Chen and Fei Yan},
  title={A Security Enhanced Key Management Service for ARM Pointer Authentication},
  proceedings={Applied Cryptography in Computer and Communications. First EAI International Conference, AC3 2021, Virtual Event, May 15-16, 2021, Proceedings},
  proceedings_a={AC3},
  year={2021},
  month={7},
  keywords={Pointer authentication, Key management, Control-flow integrity},
  doi={10.1007/978-3-030-80851-8_4}
}
- Liqiang Zhang
- Qingsong Chen
- Fei Yan
Year: 2021
AC3
Springer
DOI: 10.1007/978-3-030-80851-8_4
Abstract
Memory-unsafe programming languages have caused a pandemic of memory corruption bugs in ARM-based devices. To mitigate such threats, Control-Flow Integrity (CFI) is one of the most effective and popular solutions, and integrating it with modish hardware makes it even more valuable. One instance is ARM Pointer Authentication (PA), which can generate a message authentication code for a pointer and verify it to ensure the pointer is intact. However, according to some research, the QARMA algorithm, a critical part of PA, is vulnerable to certain attacks, making it possible to recover the key.
In this paper, we present a key management service for PA. It utilizes the exception model of TrustZone to isolate the key generation process of PA securely, preventing the key from leaking to insecure memory; it then takes advantage of a randomization scheme to dynamically derive separate keys for both kernel-space and user-space programs. Based on the scheme, we have implemented a prototype in the ARM Trusted Firmware, and also an enhanced backward-edge CFI solution. The evaluation shows that it introduces a reasonable and acceptable performance overhead while providing a better security guarantee.